Executive Summary

This  document  provides  a  comprehensive  technical  reference  that  lists  published  biometric 
standards  and  describes  their  applicability  to  the  biometric  functions  described  in  the  Capstone 
Concept  of  Operations  (CONOPS)  for  Department  of  Defense  (DoD)  Biometrics  in  Support  of 
Identity  Superiority.  It  was  prepared  by  the  DoD  Biometrics  Standards  Working  Group  (BSWG) 
to  assist  in  the  development  of  future  system-specific  policy  and  technical  documents,  such  as 
standard  operating  procedures,  architecture  technical  views,  and  application  profiles.  This 
document  provides  support  for  a  number  of  biometric  modalities,  including:  fingerprints,  face 
images,  iris  images,  signature/sign  data,  hand  geometry,  and  palm  prints.  It  also  describes  the 
status  of  biometric  standards  in  the  DoD  Information  Technology  Standards  Registry.  The 
appendices  of  this  document  contain  a  brief  overview  of  the  criteria  for  DoD  adoption  of 
standards  and  information  on  the  collection  of  non-standardized  biometric  data,  including  DNA 
and  voice  recording  samples.  The  DoD  BSWG  will  update  this  document  on  a  regular  basis  as 
new  biometric  standards  emerge  and  to  maintain  consistency  with  the  CONOPS. 
1 Introduction

1.1  Authority 

This  document  is  developed  by  the  DoD  Biometric  Standards  Working  Group  (BSWG).  The 
BSWG  is  chartered  to  champion  the  development  of  biometric  standards  at  the  national  and 
international  levels,  to  coordinate  and  advocate  DoD  interests,  and  to  build  a  consensus  on 
standards  development,  evaluation,  adoption,  and  implementation  issues  across  the  DoD  and  in 
coordination  with  other  federal  agencies.  Members  of  this  working  group  include: 

U.S.  Army 

U.S.  Air  Force 

Department  of  the  Navy 

DoD  Biometrics  Task  Force 

DoD  Program  Manager,  Biometrics 

Defense  Manpower  Data  Center 

Defense  Information  Systems  Agency 

Defense  Information  Technology  Standards  Registry  Information  Assurance  Technical  Working 
Group 

Office  of  the  Assistant  Secretary  of  Defense  for  Networks  &  Information  Integration 

National  Institute  of  Standards  and  Technology 

National  Biometrics  Security  Project 

Intelligence  Community 

Department  of  Transportation 

Federal  Aviation  Administration 

Federal  Bureau  of  Investigation 

Department  of  Homeland  Security 

U.S.  Coast  Guard 

West  Virginia  University 
1.2 Scope and Purpose

This  document  serves  as  a  technical  reference  that  lists  published  biometric  standards  and 
describes  their  applicability  to  the  “Collect,”  “Store,”  and  “Share”  functions  defined  in  the 
CONOPS  document.  It  also  describes  the  status  of  biometric  standards  in  the  DoD  Information 
Technology  Standards  Registry  (DISR).  This  document  follows  the  CONOPS  capabilities-based 
approach  and  does  not  address  any  specific  system,  application,  or  platform.  Figure  1  depicts  the 
Biometric  Process  defined  in  the  CONOPS. 


Figure  1:  Biometric  Process 
1.3 Document Structure

The  remainder  of  Section  1  describes  this  document’s  structure  and  its  intended  use.  Section  2 
lists  the  meanings  of  acronyms  and  terms  used  in  this  document.  Section  3  lists  published 
standards  and  specifications  for  collecting  biometric  data,  including  any  requirements  pertaining 
to  that  collection.  The  biometric  modalities  included  in  Section  3  are: 

•  Fingerprints 

•  Face  Images 

•  Iris  Images 

•  Signature/Sign  Data 

•  Hand  Geometry 

•  Palm  Prints 
For each modality, a subsection describes related equipment, image or sample capture, quality
control (where applicable), and formatting. Section 4 addresses standards and specifications for
the transmission of biometrics and related data between systems and organizations. Standards
concerning the storage and archival of biometric data are listed in Section 5.

This  document  is  structured  to  correspond  to  a  generic  collection,  transmission,  and  storage 
process  as  illustrated  in  Figure  2. 

Figure  2:  Biometric  Collection,  Transmission,  and  Storage  Process 
1.4 Intended Use of Document

This document should be used as a reference to assist in the development of future
system-specific policy and technical documents, such as standard operating procedures,
architecture technical views, and application profiles. The selection of appropriate biometric
standards for a particular biometric system implementation is based on the unique circumstances
of the system, including the business need, system requirements, and applicable DoD system
interfaces.

For example, an application may be required to collect 10 rolled fingerprints, face, and iris
samples. The application may also be required to store the fingerprint data in a local database
but transmit all biometric data to a remote database, such as DoD Automated Biometric
Identification System (ABIS). Figure 3 demonstrates how various sections of this document may
be applied to identify standards that may be implemented to support the collection, transmission,
and storage functions of the application.


Figure  3:  Example  Application 


1.5  Published  Biometric  Standards  and  DISR  Status 

In  2004,  the  DISR  officially  replaced  the  Joint  Technical  Architecture  in  compliance  with  the 
2004  Memorandum  for  DoD  Executive  Agent  for  Information  Technology  Standards  and  in 
accordance  with  DoD  Directives  4350.5  and  5101.7.  The  DISR  serves  as  a  central  repository  for 
DoD-approved  information  technology  standards,  including  biometric  standards.  Use  of  the 
DISR  is  mandated  for  the  development  and  acquisition  of  new  or  modified  fielded  IT  and 
National  Security  Systems  throughout  the  DoD. 

The  following  Table  1  contains  descriptions  of  published  biometric  standards  and  their  status  in 
DISR.  More  information  about  standards  adoption  criteria  and  process  can  be  found  in 
Appendix  A. 
Table 1: Published Biometric Standards and DISR Status

Standard Name: ANSI/NIST ITL 1-2000 Data Format for the Interchange of Fingerprint, Facial, &
Scar Mark & Tattoo (SMT) Information
Description: This standard defines the content, format, and units of measurement for the
exchange of fingerprint, palm print, facial/mug shot, and SMT full-image information that may be
useful in identifying a subject.
DISR Status: Mandated

Standard Name: ANSI INCITS 381-2004 Finger Image-Based Data Interchange Format
Description: This standard specifies an interchange format for the exchange of image-based
fingerprint and palm print recognition data. It defines the content, format, and units of
measurement for such information. This standard is intended for those identification and
verification applications that require the use of raw or processed image data containing
detailed pixel information.
DISR Status: Pending (Change Request (CR) Submitted as Mandated Standard)

Standard Name: ISO/IEC 19794-4 Biometric Data Interchange Formats - Part 4: Finger Image Data
Description: This standard specifies a data record interchange format for storing, recording,
and transmitting the information from one or more finger or palm image areas within an ISO/IEC
19785-1 Common Biometric Exchange Formats Framework (CBEFF) data structure. This can be used for
the exchange and comparison of finger image data.
DISR Status: Pending (CR Submitted as Emerging Standard)

Standard Name: ANSI INCITS 378-2004 Finger Minutiae Format for Data Interchange
Description: This standard defines a method of representing fingerprint information using the
concept of minutiae. It defines the placement of the minutiae on a fingerprint, a record format
for containing the minutiae data, and optional extensions for ridge count and core and delta
information.
DISR Status: Pending (CR Submitted as Mandated Standard)

Standard Name: ANSI INCITS 377-2004 Finger Pattern-Based Interchange Format
Description: This standard specifies an interchange format for the exchange of pattern-based
fingerprint recognition data. It describes the conversion of a raw fingerprint image to a
cropped and down-sampled finger pattern followed by the cellular representation of the finger
pattern image to create the finger pattern interchange data.
DISR Status: Pending (CR Submitted as Mandated Standard)

Standard Name: ISO/IEC 19794-2 Biometric Data Interchange Formats - Part 2: Finger Minutiae Data
Description: This standard specifies a concept and data formats for representation of
fingerprints using the fundamental notion of minutiae. It is generic in that it may be applied
and used in a wide range of application areas where automated fingerprint recognition is
involved. ISO/IEC 19794-2:2005 contains definitions of relevant terms, a description of how
minutiae shall be determined, data formats for containing the data for both general use and for
use with cards, and conformance information.
DISR Status: Pending (CR Submitted as Emerging Standard)

Standard Name: ANSI INCITS 385-2004 Face Recognition Format for Data Interchange
Description: This standard specifies definitions of photographic environment, subject pose,
focus, digital image attributes, and a face interchange format for relevant applications,
including human examination and computer-automated face recognition.
DISR Status: Pending (CR Submitted as Mandated Standard)

Standard Name: ISO/IEC 19794-5 Biometric Data Interchange Formats - Part 5: Face Image Data
Description: This standard specifies scene, photographic, digitization, and format requirements
for images of faces to be used in the context of both human verification and computer automated
recognition. The format is designed to allow for the specification of visible information
discernible by an observer pertaining to the face, such as gender, pose, and eye color.
DISR Status: Pending (CR Submitted as Emerging Standard)

Category of Standards: Iris
Standard Name: ANSI INCITS 379-2004 Iris Image Interchange Format
Description: This standard describes a format for the exchange of iris image information. It
contains a definition of attributes, a data record format, sample records, and conformance
criteria. Two alternative formats for iris image data are described — one based on a Cartesian
coordinate system and the other on a polar coordinate system.
DISR Status: Mandated Standard

Category of Standards: Iris
Standard Name: ISO/IEC 19794-6 Biometric Data Interchange Formats - Part 6: Iris Image Data
Description: This standard specifies two alternative image interchange formats for biometric
authentication systems that use iris recognition. The first is based on a rectilinear image
storage format and the second is based on a polar image specification.
DISR Status: Pending (CR Submitted as Emerging Standard)

Category of Standards: Other Modalities
Standard Name: ANSI INCITS 396-2005 Hand Geometry Format for Data Interchange
Description: This standard specifies an interchange format for the exchange of hand geometry
data in a silhouette format. It defines the content, format, and units of measurement for such
information. This standard is intended for those identification and verification applications
that require the use of an interoperable hand geometry template.
DISR Status: Pending (CR Submitted as Mandated Standard)

Category of Standards: Signature/Sign Data
Standard Name: ANSI INCITS 395-2005 Biometric Data Interchange Formats - Signature/Sign Data
Description: This Standard specifies a data interchange format for representation of digitized
sign or signature data, for the purposes of biometric enrollment, verification, or
identification through the use of Raw Signature/Sign Sample Data or Common Feature Data. The data
interchange format is generic in that it may be applied and used in a wide range of application
areas where electronic signs or signatures are involved. No application-specific requirements or
features are addressed in this standard.
DISR Status: N/A

Standard Name: Electronic Fingerprint Transmission Specification (EFTS) (v7.1)
Description: The purpose of this document is to specify certain requirements to which agencies
must adhere to communicate electronically with the FBI’s Integrated Automated Fingerprint
Identification System (IAFIS). This specification is based on ANSI/NIST ITL 1-2000 and covers
the IAFIS electronic transmissions involving fingerprints.
DISR Status: N/A

Standard Name: Electronic Biometric Transmission Specification (EBTS) (v1.1)
Description: This specification describes customizations of EFTS transactions that are necessary
to use the DoD ABIS.
DISR Status: Pending (CR Submitted as Mandated Standard)

Standard Name: ANSI INCITS 358-2002 BioAPI Specification (v1.1)
Description: This standard provides a high-level generic biometric authentication model suited
for any form of biometric technology. It covers the basic functions of enrollment, verification,
and identification and includes a database interface to allow a biometric service provider to
manage the identification population for optimum performance.
DISR Status: Mandated Standard

Standard Name: ANSI INCITS 398-2005 [NISTIR 6529-A] Common Biometric Exchange Formats Framework
(CBEFF)
Description: This standard describes a set of data elements necessary to support biometric
technologies in a common way. These data elements can be placed in a single file used to
exchange biometric information between different system components or between systems. The
result promotes interoperability of biometric-based application programs and systems developed
by different vendors by allowing biometric data interchange.
DISR Status: Mandated Standard

Standard Name: OASIS (Organization for the Advancement of Structured Information Standards)
extensible
Description: This specification defines a common set of secure XML encodings for the
2 Terms and Acronyms

2.1  Terms 

The  following  terms  are  used  in  this  document  as  indicated. 

•  Application  Profile  -  a  document  that  identifies  a  set  of  two  or  more  existing  prerequisite 
biometric  standards  and  identifies  the  classes,  subsets,  options,  and  parameters  of  those 
base  standards  that  are  necessary  for  accomplishing  a  particular  function. 

•  Collection  Personnel  -  the  DoD-authorized  individual  collecting  biometric  data  from 
another  person. 

•  Electronic  Fingerprint  Sensors  -  also  referred  to  as  live  scan  devices. 

•  Person  -  the  individual  from  whom  biometric  data  are  being  collected. 

2.2  Acronyms 

ABIS  -  DoD  Automated  Biometric  Identification  System 

ANSI  -  American  National  Standards  Institute 

BioAPI  -  Biometrics  Application  Programming  Interface 

BIR  -  Biometric  Identification  Record 

BTF  -  U.S.  Army  Biometrics  Task  Force 

BSWG  -  Biometric  Standards  Working  Group 

CBEFF  -  Common  Biometric  Exchange  Formats  Framework 

CJIS  -  Criminal  Justice  Information  Services 

CONOPS  -  Concept  of  Operations 

DISR  -  Defense  Information  Technology  Standards  Registry 
DNA  -  deoxyribonucleic  acid 
DoD  -  Department  of  Defense 

EBTS  -  Electronic  Biometric  Transmission  Specification 

EFTS  -  Electronic  Fingerprint  Transmission  Specification 

ESP  -  Encapsulating  Security  Payload 

FBI  -  Federal  Bureau  of  Investigation 

FIQM  -  Finger  Image  Quality  Measurement 

IAFIS  -  Integrated  Automated  Fingerprint  Identification  System 

IEC  -  International  Electrotechnical  Commission 

IETF  -  Internet  Engineering  Task  Force 

IKE  -  Internet  Key  Exchange 

INCITS  -  International  Committee  for  Information  Technology  Standards 

IP  -  Internet  Protocol 

IPSEC  -  Internet  Protocol  Security 

ISO  -  International  Organization  for  Standardization 

ITL - Information Technology Laboratory

NFIQ  -  NIST  Finger  Image  Quality 

NIST  -  National  Institute  of  Standards  and  Technology 

NISTIR  -  NIST  Interagency  Reports 

OASIS  -  Organization  for  the  Advancement  of  Structured  Information  Standards 
PIV  -  Personal  Identity  Verification 
ppi  -  pixels  per  inch 
SMT - Scar, Mark, & Tattoo

S/MIME  -  Secure/Multipurpose  Internet  Mail  Extensions 

SOP  -  Standard  Operating  Procedure 

SSH  -  Secure  Shell 

TLS  -  Transport  Layer  Security 

VPN  -  Virtual  Private  Network 

XML  -  extensible  Markup  Language 

3  Collection 

3.1  Rolled  Live  Scan  Fingerprints 

3.1.1  Equipment 

• All electronic fingerprint sensors, commonly known as live scan devices, shall be certified
by the FBI to conform to Appendix F of the EFTS (Reference a) and shall appear on the
FBI-certified devices list (Reference b).

3.1.2  Image  Capture 

•  Collection  of  samples  from  each  person  shall  include  the  following  images: 

o  10  separately  rolled  fingers. 

o  Combined  plain  impression  of  the  four  fingers  on  the  right  hand  (no  thumb), 
o  Combined  plain  impression  of  the  four  fingers  on  the  left  hand  (no  thumb), 
o  Left  thumb  plain  impression, 
o  Right  thumb  plain  impression. 

•  Rolled  impressions  shall  be  rolled  from  one  side  of  the  fingernail  to  the  other. 

•  Images  shall  be  captured  at  a  resolution  of  either  500  or  1,000  pixels  per  inch  (ppi). 

3.1.3  Quality  Control 

•  Rolled  live  scan  fingerprint  images  shall  be  evaluated  with  an  automated  tool  that 
implements  one  of  the  following  DoD-approved  quality  algorithms: 

o  National  Institute  of  Standards  and  Technology  (NIST)  Finger  Image  Quality  (NFIQ) 
Tool  (Reference  q). 

o  DoD  Finger  Image  Quality  Measurement  (FIQM)  Tool  (Reference  r). 

3.1.4  Formatting 

•  Rolled  live  scan  fingerprint  images  shall  be  formatted  in,  and  in  conformance  with,  one  of 
the  following  formats: 

o EBTS Type-4 logical records (Reference k). Only 500-ppi images shall be stored in
Type-4 records. Note that EBTS Type-4 records are identical to EFTS and American
National Standards Institute (ANSI)/NIST Type-4 records.

o EBTS Type-14 logical records (Reference k). 500-ppi and 1,000-ppi images may be
stored in Type-14 records. Note that EBTS Type-14 records are identical to EFTS and
ANSI/NIST Information Technology Laboratory (ITL) 1-2000 Type-14 records.

o ANSI International Committee for Information Technology Standards (INCITS) 381-2004
Finger Image standard (Reference d).

o ANSI INCITS 378-2004 Finger Minutiae standard (Reference h).

o ANSI INCITS 377-2004 Finger Pattern standard (Reference i).

o International Organization for Standardization (ISO)/International Electrotechnical
Commission (IEC) 19794-4 Biometric Data Interchange Formats - Part 4: Finger
Image Data (Reference hh).

o  ISO/IEC  19794-2  Biometric  Data  Interchange  Formats  -  Part  2:  Finger  Minutiae  Data 
(Reference  ii). 

•  ANSI  INCITS-  and  ISO/IEC-formatted  rolled  live  scan  fingerprint  data  shall  be  embedded 
in  a  CBEFF  Patron  Format  (Reference  j). 

•  EBTS-formatted  rolled  live  scan  fingerprint  data  may  be  embedded  in  a  CBEFF  Patron 
Format  (Reference  j). 

• Rolled live scan fingerprint data embedded in a CBEFF Patron Format should make use of
one of the CBEFF Patron Formats that are being commonly used or are required by the
specific application. Special consideration should be given to the Patron Format specified
in section 6 of NIST Special Publication 800-76 (Reference 1) or to the Biometrics
Application Programming Interface (BioAPI) 1.1 storage format (Format C - The BioAPI
Biometric Identification Record (BIR)) specified in Annex C of CBEFF (Reference j).

3.2  Plain  Live  Scan  Fingerprints 

3.2.1  Equipment 

•  All  electronic  plain  scan  fingerprint  sensors  shall  be  certified  by  the  FBI  to  conform  to 
Appendix  F  of  the  EFTS  (Reference  a)  and  shall  appear  on  the  FBI-certified  devices  list 
(Reference  b). 

3.2.2  Image  Capture 

•  Plain  live  scan  fingerprints  may  be  either  “segmented”  or  “unsegmented.” 

•  Collection  of  segmented  plain  live  scan  finger  samples  shall  include  the  following  14 
images: 

o  10  individual  plain  impressions  of  separate  fingers. 

o  Combined  plain  impression  of  the  four  fingers  on  the  right  hand  (no  thumb), 
o  Combined  plain  impression  of  the  four  fingers  on  the  left  hand  (no  thumb), 
o Left thumb plain impression,
o  Right  thumb  plain  impression. 

•  Collection  of  unsegmented  plain  live  scan  finger  samples  shall  include  the  following  three 
images: 

o  Combined  plain  impression  of  the  four  fingers  on  the  right  hand  (no  thumb), 
o  Combined  plain  impression  of  the  four  fingers  on  the  left  hand  (no  thumb), 
o  Combined  plain  impression  of  the  two  thumbs. 

•  Images  shall  be  captured  at  a  resolution  of  either  500  or  1,000  ppi.  Special  consideration 
should  be  given  to  the  Patron  Format  specified  in  section  6  of  NIST  Special  Publication 
800-76  (Reference  1)  or  to  the  BioAPI  1.1  storage  format  (Format  C  -  The  BioAPI  BIR) 
specified  in  Annex  C  of  CBEFF  (Reference  j). 

3.2.3  Quality  Control 

•  Plain  live  scan  fingerprint  images  shall  be  evaluated  with  an  automated  tool  that 
implements  one  of  the  following  DoD-approved  quality  algorithms: 

o  NFIQ  Tool  (Reference  q). 
o DoD FIQM Tool (Reference r).

3.2.4  Formatting 

•  Plain  live  scan  fingerprint  images  shall  be  formatted  in  and  in  conformance  with  one  of  the 
following  formats: 

o  EBTS  Type-4  logical  records  (Reference  k).  Only  500-ppi  images  shall  be  stored  in 
Type-4  records.  Note  that  EBTS  Type-4  records  are  identical  to  EFTS  and 
ANSI/NIST  Type-4  records. 

o EBTS Type-14 logical records (Reference k). 500-ppi and 1,000-ppi images may be
stored in Type-14 records. Note that EBTS Type-14 records are identical to EFTS and
ANSI/NIST ITL 1-2000 Type-14 records.
o  ANSI  INCITS  381-2004  Finger  Image  standard  (Reference  d). 
o  ANSI  INCITS  378-2004  Finger  Minutiae  standard  (Reference  h). 
o  ANSI  INCITS  377-2004  Finger  Pattern  standard  (Reference  i). 
o  ISO/IEC  19794-4  Biometric  Data  Interchange  Formats  -  Part  4:  Finger  Image  Data 
(Reference  hh). 

o  ISO/IEC  19794-2  Biometric  Data  Interchange  Formats  -  Part  2:  Finger  Minutiae  Data 
(Reference  ii). 

•  All  ANSI  INCITS-  and  ISO/IEC-formatted  plain  live  scan  fingerprint  data  shall  be 
embedded  in  a  CBEFF  Patron  Format  (Reference  j). 

• All EBTS-formatted plain live scan fingerprint data may be embedded in a CBEFF Patron
Format (Reference j).

• Plain live scan fingerprint data embedded in a CBEFF Patron Format should make use of
one of the CBEFF Patron Formats that are being commonly used or are required by the
specific application. Special consideration should be given to the Patron Format specified
in section 6 of NIST Special Publication 800-76 (Reference 1) or to the BioAPI 1.1 storage
format (Format C - The BioAPI BIR) specified in Annex C of CBEFF (Reference j).
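
The image-set and resolution requirements in sections 3.1.2, 3.1.4, 3.2.2 and 3.2.4 can be checked mechanically before a collection is formatted and transmitted. The following Python check is an added example, not part of the original document; the Capture data model, the slot names and the mode names are assumptions made for illustration, while the required image lists and the Type-4/Type-14 resolution limits are the ones stated above.

```python
from collections import Counter
from dataclasses import dataclass

# Slot, mode and field names are hypothetical; the rules themselves come from
# sections 3.1.2, 3.1.4, 3.2.2 and 3.2.4 of this document.
TEN_FINGERS = [f"{hand}_{digit}"
               for hand in ("right", "left")
               for digit in ("thumb", "index", "middle", "ring", "little")]

# Four-finger and thumb plain impressions required by 3.1.2 and by the
# segmented case of 3.2.2.
PLAIN_SET = ["plain:right_four", "plain:left_four",
             "plain:left_thumb", "plain:right_thumb"]

REQUIRED_SLOTS = {
    "rolled_live_scan": [f"rolled:{f}" for f in TEN_FINGERS] + PLAIN_SET,
    "plain_segmented": [f"individual:{f}" for f in TEN_FINGERS] + PLAIN_SET,
    "plain_unsegmented": ["plain:right_four", "plain:left_four",
                          "plain:both_thumbs"],
}

CAPTURE_PPI = {500, 1000}                  # "either 500 or 1,000 ppi"
RECORD_PPI = {4: {500}, 14: {500, 1000}}   # EBTS Type-4 vs Type-14 limits


@dataclass(frozen=True)
class Capture:
    slot: str          # e.g. "rolled:right_index" (hypothetical naming)
    ppi: int           # capture resolution in pixels per inch
    record_type: int   # EBTS logical record type the image is stored in


def check_submission(mode, captures):
    """Return a list of findings; an empty list means the set conforms."""
    if mode not in REQUIRED_SLOTS:
        raise ValueError(f"unknown collection mode: {mode}")
    findings = []
    required = Counter(REQUIRED_SLOTS[mode])
    seen = Counter(c.slot for c in captures)
    # Counter subtraction keeps only positive counts, so these two loops
    # report images that are absent and images that are extra or repeated.
    for slot in sorted(required - seen):
        findings.append(f"missing image: {slot}")
    for slot in sorted(seen - required):
        findings.append(f"unexpected or duplicate image: {slot}")
    for c in captures:
        if c.ppi not in CAPTURE_PPI:
            findings.append(f"{c.slot}: {c.ppi} ppi is not 500 or 1,000 ppi")
        elif c.record_type not in RECORD_PPI:
            findings.append(f"{c.slot}: Type-{c.record_type} is outside this check")
        elif c.ppi not in RECORD_PPI[c.record_type]:
            findings.append(
                f"{c.slot}: {c.ppi} ppi not allowed in a Type-{c.record_type} record")
    return findings


def sample_rolled_set():
    """Constructed sample: a complete 500-ppi rolled set in Type-14 records."""
    return [Capture(slot, 500, 14) for slot in REQUIRED_SLOTS["rolled_live_scan"]]


def sample_defective_set():
    """Constructed sample: left thumb plain impression missing and one
    1,000-ppi image stored in a Type-4 record."""
    out = []
    for c in sample_rolled_set():
        if c.slot == "plain:left_thumb":
            continue
        if c.slot == "rolled:right_index":
            c = Capture(c.slot, 1000, 4)
        out.append(c)
    return out


if __name__ == "__main__":
    for finding in check_submission("rolled_live_scan", sample_defective_set()):
        print(finding)
```

The record-type check applies only to EBTS-formatted output; data formatted under the ANSI INCITS or ISO/IEC options listed above would need its own format-specific validation.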

3.3  Single  Fingerprints 

3.3.1  Equipment 

•  All  electronic  single-fingerprint  sensors  shall  implement  a  software  interface  that  complies 
with  BioAPI  1.1  (Reference  c). 

3.3.2  Image  Capture 

• Image capture requirements shall be stated using the “Image Acquisition Settings Levels”
in Table 1 of Clause 6, “Image Acquisition Requirements,” of ANSI INCITS 381-2004,
“Finger Image-Based Data Interchange Format” (Reference d).

3.3.3  Quality  Control 

•  Rolled  live  scan  fingerprint  images  shall  be  evaluated  with  an  automated  tool  that 
implements  one  of  the  following  DoD-approved  quality  algorithms: 

o  NFIQ  Tool  (Reference  q). 
o  DoD  FIQM  Tool  (Reference  r). 

3.3.4  Formatting 

• Single fingerprint images shall be formatted in, and in conformance with, one of the
following formats:

o  ANSI  INCITS  381-2004  Finger  Image  standard  (Reference  d). 
o  ANSI  INCITS  378-2004  Finger  Minutiae  standard  (Reference  h). 
o  ANSI  INCITS  377-2004  Finger  Pattern  standard  (Reference  i). 
o  ISO/IEC  19794-4  Biometric  Data  Interchange  Formats  -  Part  4:  Finger  Image  Data 
(Reference  hh). 

o  ISO/IEC  19794-2  Biometric  Data  Interchange  Formats  -  Part  2:  Finger  Minutiae  Data 
(Reference  ii). 

• Single fingerprint images embedded in a CBEFF Patron Format should make use of one of
the CBEFF Patron Formats that are being commonly used or are required by the specific
application. Special consideration should be given to the Patron Format specified in
section 6 of NIST Special Publication 800-76 (Reference 1) or to the BioAPI 1.1 storage
format (Format C - The BioAPI BIR) specified in Annex C of CBEFF (Reference j).

3.4  Latent  Fingerprints 

3.4.1  Equipment 

There  is  no  further  guidance  related  to  equipment. 

3.4.2  Image  Capture 

•  It  is  highly  recommended  that  latent  fingerprint  images  be  captured  at  1,000-ppi  or  higher 
resolution. 

•  Grayscale  digital  imaging  should  be  at  a  minimum  of  8  bits  per  pixel. 

•  Color  digital  imaging  should  be  at  a  minimum  of  24  bits  per  pixel. 

3.4.3  Formatting 

• Latent fingerprint images shall be formatted in, and in conformance with, one of the
following formats:

o  EBTS  Type-4  logical  records  (Reference  k).  Only  500-ppi  images  shall  be  stored  in 
Type-4  records.  Note  that  EBTS  Type-4  records  are  identical  to  EFTS  and 
ANSI/NIST  Type-4  records. 

o EBTS Type-7 logical records (Reference k). 500-ppi and higher resolution images
may be stored in Type-7 records. Note that EBTS Type-7 records are identical to
EFTS and ANSI/NIST ITL 1-2000 Type-7 records.

o EBTS Type-9 logical records (Reference k). Note that EBTS Type-9 records are
identical to EFTS and ANSI/NIST ITL 1-2000 Type-9 records.


3.5  Rolled  Ink-on-Card  Fingerprints 

3.5.1  Equipment 

•  Rolled  ink  fingerprints  shall  be  captured  on  DoD-acceptable  fingerprint  cards  (examples 
are  FBI  Criminal  Justice  Information  Services  (CJIS)  Forms  FD-249  (Criminal  Card)  and 
FD-258  (Applicant  Card)). 

•  All  electronic  fingerprint  scanners  shall  be  certified  by  the  FBI  to  conform  to  Appendix  F 
of  the  EFTS  (Reference  a)  and  shall  appear  on  the  FBI-certified  devices  list  (Reference  b). 
3.5.2 Image Capture

•  Collection  of  samples  from  each  person  shall  include  the  following  images: 

o  10  separately  rolled  fingers. 

o  Combined  plain  impression  of  the  four  fingers  on  the  right  hand  (no  thumb), 
o  Combined  plain  impression  of  the  four  fingers  on  the  left  hand  (no  thumb), 
o  Left  thumb  plain  impression, 
o  Right  thumb  plain  impression. 

•  Rolled  impressions  shall  be  rolled  from  one  side  of  the  fingernail  to  the  other. 

•  Images  taken  from  the  fingerprint  cards  shall  be  captured  at  a  resolution  of  either  500  or 
1,000  ppi. 

3.5.3  Formatting 

•  Rolled  ink-on-card  fingerprint  images  shall  be  formatted  in,  and  in  conformance  with,  one 
of  the  following  formats: 

o  EBTS  Type-4  logical  records  (Reference  k).  Only  500-ppi  images  shall  be  stored  in 
Type-4  records.  Note  that  EBTS  Type-4  records  are  identical  to  EFTS  and 
ANSI/NIST  Type-4  records. 

o EBTS Type-14 logical records (Reference k). 500-ppi and 1,000-ppi images may be
stored in Type-14 records. Note that EBTS Type-14 records are identical to EFTS and
ANSI/NIST ITL 1-2000 Type-14 records.

3.6  Face  Images 

3.6.1  Equipment 

•  All  photographs  shall  be  taken  using  color  cameras. 

•  All  facial  image  capture  equipment  shall  implement  a  software  interface  that  complies  with 
BioAPI  1.1  (Reference  c). 

3.6.2  Image  Capture 

•  The  camera  lens  orientation  shall  be  pointed  to  the  front  of  the  person,  aligned 
approximately  in  the  center  of  the  face,  and  taken  from  a  distance  of  approximately  five 
feet. 

•  The  orientation(s)  of  the  person  for  facial  photos  shall  be  taken  from  the  following 
positions: 

o  Frontal  view  (also  known  as  full-frontal  pose), 
o  90  degrees  left  side, 
o  45  degrees  left  side, 
o  90  degrees  right  side, 
o  45  degrees  right  side. 

•  When  photographed,  the  person  shall  not  be  allowed  to  wear  any  glasses,  sunglasses, 
headgear,  headdress,  or  other  items  obscuring  the  area  photographed.  There  are  no 
constraints  on  cosmetics. 

•  The  full  frontal  pose  shall  conform  to  the  requirements  of  ANSI  INCITS  385-2004,  “Face 
Recognition  Format  for  Data  Interchange”  (Reference  e),  clauses  8.2,  8.3,  and  8.4  (The 
Full  Frontal  Image  Type). 
3.6.3 Formatting

•  Facial  images  shall  be  formatted  in,  and  in  conformance  with,  one  of  the  following 
formats: 

o EBTS Type-10 logical records (Reference k). Note that EBTS Type-10 records are
identical to EFTS and ANSI/NIST Type-10 records.
o  ANSI  INCITS  385-2004  Face  Recognition  Format  standard  (Reference  e). 
o  ISO/IEC  19794-5  Biometric  Data  Interchange  Formats  -  Part  5:  Face  Image  Data 
(Reference  jj). 

•  ANSI  INCITS-  and  ISO/IEC-formatted  facial  image  data  shall  be  embedded  in  a  CBEFF 
Patron  Format  (Reference  j). 

•  EBTS-formatted  facial  image  data  may  be  embedded  in  a  CBEFF  Patron  Format 
(Reference  j). 

•  Facial  image  data  embedded  in  a  CBEFF  Patron  Format  should  make  use  of  one  of  the 
CBEFF  Patron  Formats  that  are  being  commonly  used  or  are  required  by  the  specific 
application.  Special  consideration  should  be  given  to  the  Patron  Format  specified  in 
section 6 of NIST Special Publication 800-76 (Reference l) or to the BioAPI 1.1 storage
format  (Format  C  -  The  BioAPI  BIR)  specified  in  Annex  C  of  CBEFF  (Reference  j). 

3.7  Iris  Images 

3.7.1  Equipment 

•  All  iris  image  capture  equipment  shall  implement  a  software  interface  that  complies  with 
BioAPI  1.1  (Reference  c). 

•  All  iris  image  capture  equipment  shall  collect  separate  images  of  the  left  and  right  irises  of 
each  person.  Note:  This  does  not  imply  that  two  images  must  be  collected.  The 
requirement  is  that,  if  both  the  left  and  right  eyes  are  captured,  the  process  must  result  in 
two  images. 

3.7.2  Image  Capture 

•  Images  should  be  captured  in  accordance  with  Annex  A,  Iris  Image  Capture  Best  Practices, 
of  ANSI  INCITS  379-2004,  the  Iris  Image  Interchange  Format  (Reference  f). 

3.7.3  Formatting 

•  Iris  images  shall  be  formatted  in,  and  in  conformance  with,  one  of  the  following  formats: 

o EBTS Type-16 logical records (Reference k). Note that there are no EFTS or
ANSI/NIST Type-16 records that are equivalent to EBTS Type-16 records,
o ANSI INCITS 379-2004 Iris Image Format standard (Reference f),
o ISO/IEC 19794-6 Biometric Data Interchange Formats - Part 6: Iris Image Data
(Reference kk).

•  ANSI  INCITS-  and  ISO/IEC-formatted  iris  image  data  shall  be  embedded  in  a  CBEFF 
Patron  Format  (Reference  j). 

• EBTS-formatted iris image data may be embedded in a CBEFF Patron Format (Reference j).

•  Iris  image  data  embedded  in  a  CBEFF  Patron  Format  should  make  use  of  one  of  the 
CBEFF  Patron  Formats  that  are  being  commonly  used  or  are  required  by  the  specific 
application.  Special  consideration  should  be  given  to  the  Patron  Format  specified  in 
section 6 of NIST Special Publication 800-76 (Reference l) or to the BioAPI 1.1 storage
format  (Format  C  -  The  BioAPI  BIR)  specified  in  Annex  C  of  CBEFF  (Reference  j). 

3.8  Signature/Sign  Data 

3.8.1  Equipment 

•  All  signature/sign  data  capture  equipment  shall  implement  a  software  interface  that 
complies  with  BioAPI  1.1  (Reference  c). 

3.8.2  Data  Capture 

There  is  no  further  guidance  related  to  data  capture. 

3.8.3  Formatting 

•  Signature/sign  data  shall  be  formatted  in,  and  in  conformance  with: 

o  ANSI  INCITS  395-2005  Biometric  Data  Interchange  Formats  -  Signature/Sign  Data 
(Reference  nn). 

•  Signature/sign  data  shall  be  embedded  in  a  CBEFF  Patron  Format  (Reference  j). 

•  Signature/sign  data  embedded  in  a  CBEFF  Patron  Format  should  make  use  of  one  of  the 
CBEFF  Patron  Formats  that  are  being  commonly  used  or  are  required  by  the  specific 
application.  Special  consideration  should  be  given  to  the  Patron  Format  specified  in 
section 6 of NIST Special Publication 800-76 (Reference l) or to the BioAPI 1.1 storage
format  (Format  C  -  The  BioAPI  BIR)  specified  in  Annex  C  of  CBEFF  (Reference  j). 

3.9  Hand  Geometry  Samples 

3.9.1  Equipment 

•  All  hand  geometry  capture  equipment  shall  implement  a  software  interface  that  complies 
with  BioAPI  1.1  (Reference  c). 

3.9.2  Data  Capture 

There  is  no  further  guidance  related  to  data  capture. 

3.9.3  Formatting 

•  Hand  geometry  data  shall  be  formatted  in,  and  in  conformance  with: 

o  ANSI  INCITS  396-2005  Hand  Geometry  Format  standard  (Reference  n). 

•  Hand  geometry  data  shall  be  embedded  in  a  CBEFF  Patron  Format  (Reference  j). 

•  Hand  geometry  data  embedded  in  a  CBEFF  Patron  Format  should  make  use  of  one  of  the 
CBEFF  Patron  Formats  that  are  being  commonly  used  or  are  required  by  the  specific 
application.  Special  consideration  should  be  given  to  the  Patron  Format  specified  in 
section 6 of NIST Special Publication 800-76 (Reference l) or to the BioAPI 1.1 storage
format  (Format  C  -  The  BioAPI  BIR)  specified  in  Annex  C  of  CBEFF  (Reference  j). 

3.10  Palm  Prints 

3.10.1  Equipment 

•  All  palm  print  capture  equipment  shall  meet  the  equipment  requirements  contained  in 
ANSI/NIST ITL 1-2000 Section 22 (Reference p).

3.10.2 Image Capture

•  All  palm  print  capture  equipment  shall  meet  the  image  capture  requirements  contained  in 
ANSI/NIST  ITL  1-2000  Section  22  (Reference  p). 

3.10.3  Formatting 

•  Palm  print  images  shall  be  formatted  in,  and  in  conformance  with: 

o ANSI/NIST ITL 1-2000 Type-15 records.

•  ANSI/NIST  ITL  1-2000  formatted  palm  print  image  data  may  be  embedded  in  a  CBEFF 
Patron  Format  (Reference  j). 

•  Palm  print  data  embedded  in  a  CBEFF  Patron  Format  should  make  use  of  one  of  the 
CBEFF  Patron  Formats  that  are  being  commonly  used  or  are  required  by  the  specific 
application.  Special  consideration  should  be  given  to  the  Patron  Format  specified  in 
section 6 of NIST Special Publication 800-76 (Reference l) or to the BioAPI 1.1 storage
format  (Format  C  -  The  BioAPI  BIR)  specified  in  Annex  C  of  CBEFF  (Reference  j). 

4  Transmission 

4.1  Format 

4.1.1  EBTS  Transactions 

•  May  be  used  for  transmitting  the  following: 

o finger images in Type-4 or Type-14 logical records,
o latent images in Type-7 logical records,
o finger minutiae in Type-9 logical records,
o facial images in Type-10 logical records,
o SMT images in Type-10 logical records,
o iris images in Type-16 logical records.

•  Shall  conform  to  EBTS  Version  1.1  (Reference  k). 

•  May  be  used  to  transmit  to  the  DoD  ABIS. 

4.1.2  EFTS  Transaction 

•  May  be  used  for  transmitting  the  following: 

o  finger  images  in  Type-4  or  Type-14  logical  records, 
o  latent  images  in  Type-7  logical  records, 
o  finger  minutiae  in  Type-9  logical  records, 
o facial images in Type-10 logical records,
o SMT images in Type-10 logical records.

•  Shall  conform  to  EFTS  (Reference  a). 

•  May  be  used  to  transmit  to  DoD  ABIS  and  FBI  IAFIS. 

4.1.3 CBEFF Patron Format

•  Any  CBEFF  Patron  Format  may  be  used  for  transmitting  any  biometric  data  that  have  a 
Format  Type  value  assigned  by  a  registered  Format  Owner  (see  CBEFF,  Section  6.3 
(Reference  j)). 

•  CBEFF-formatted  data  should  make  use  of  one  of  the  CBEFF  Patron  Formats,  preferably 
one  of  those  that  are  being  commonly  used  or  are  required  by  the  specific  application. 
Special consideration should be given to the Patron Format specified in section 6 of NIST
Special Publication 800-76 (Reference l) or to the BioAPI 1.1 storage format (Format C -
The  BioAPI  BIR)  specified  in  Annex  C  of  CBEFF  (Reference  j). 

4.2  Transport 

4.2.1 Transport to DoD ABIS

•  Accepts  transactions  submitted  via: 

o  E-mail  on  NIPRNet. 
o  E-mail  on  SIPRNet. 
o  FTP  on  NIPRNet. 
o  Computer  media  (CD-ROM,  DVD). 

4.2.2  Transport  to  FBI  IAFIS 

•  Accepts  transactions  submitted  via: 

o  E-mail  on  the  CHS  Wide  Area  Network 

4.3  Protection 

4.3.1  File  Security 

•  CBEFF 

o  X9.84  specifies  the  minimum  security  requirements  for  effective  management  of 
biometric  data  (Reference  gg).  The  application  profile  will  detail  the  specific 
implementation  of  X9.84  to  avoid  possible  incompatibility  with  CBEFF. 
o PIV Patron Format (Reference l).

•  Data  Protection 

o  Cryptographic  Message  Syntax  (1999)  -  Internet  Engineering  Task  Force  (IETF) 
Request  for  Comments  (RFC)  2630  (Reference  t). 
o  Cryptographic  Message  Syntax  (2004)  -  IETF  RFC  3852  (Reference  u). 

4.3.2  Message  Security 

•  Secure  e-mail 

o  Secure/Multipurpose  Internet  Mail  Extensions  (S/MIME)  Version  3,  Message 
Specification  -  IETF  RFC  2633  (Reference  v). 
o  S/MIME  Version  3.1  Message  Specification  -  IETF  RFC  3851  (Reference  w). 

4.3.3  Transport  Security 

•  Secure  Socket 

o Transport Layer Security (TLS) Protocol Version 1.0 - IETF RFC 2246 (Reference x).
o TLS Protocol Version 1.1 - IETF RFC 4346 (Reference y).

•  Secure  File  Transfer 

o  File  Transfer  Protocol  (FTP)  Security  Extensions  -  IETF  RFC  2228  (Reference  z). 
o  Secure  Shell  (SSH)  File  Transfer  Protocol  -  IETF  Internet  Draft  (Reference  mm). 

•  Virtual  Private  Network  (VPN) 

o  Internet  Protocol  Security  (IPSec)  with  Internet  Key  Exchange  (IKE)  (1998). 
■ Internet Protocol (IP) Authentication Header - IETF RFC 2402 (Reference aa).
■ IP Encapsulating Security Payload (ESP) - IETF 2406 (Reference cc).
■ The IKE - IETF RFC 2409 (Reference ee).

o IPSec with IKE (2005)

■ IP Authentication Header - IETF RFC 4302 (Reference bb).
■ ESP - IETF 4303 (Reference dd).
■ IKE v2 Protocol - IETF RFC 4306 (Reference ff).


5  Storage 

5.1  Format 

5.1.1  PIV  Card 

•  The  storage  format  for  data  on  the  PIV  card  is  in  NIST  Special  Publication  800-76 
(Reference l).

5.1.2  PIV  Enrollment  Agency 

•  The  storage  format  for  data  saved  by  the  agency  executing  a  PIV  card  enrollment  is  in 
NIST Special Publication 800-76 (Reference l).

5.1.3  Other  Biometric  Repository 

•  The  internal  storage  format  of  biometric  data  in  a  repository  should  be  specified 
based  on  system  requirements.  However,  the  biometric  repository  shall  be  capable  of 
constructing  at  least  one  of  the  standardized  data  interchange  and  transmission 
formats  listed  in  this  document.  This  construction  capability  shall  enable  the  system 
to  format  biometric  files  according  to  the  standards  listed  in  this  document  for  the 
purpose  of  successfully  sharing  those  files  with  other  standardized  DoD-recognized 
systems.  Each  biometric  modality  listed  in  this  document  contains  published 
standardized  formats  for  performing  successful  transmissions. 

5.2  Archiving 

5.2.1 DoD ABIS

•  Data  transmitted  to  the  DoD  ABIS  may  indicate  that  data  be  retained  or  not  retained. 

5.2.2  FBI  IAFIS 

•  Data  transmitted  to  the  IAFIS  may  indicate  that  data  be  retained  or  not  retained. 

5.3  Protection 

5.3.1  File  Security 

•  CBEFF 

o  X9.84  specifies  the  minimum  security  requirements  for  effective  management  of 
biometric  data  (Reference  gg).  The  application  profile  will  detail  the  specific 
implementation  of  X9.84  to  avoid  possible  incompatibility  with  CBEFF. 
o PIV Patron Format (Reference l).

•  Data  Protection 

o  Cryptographic  Message  Syntax  (1999)  -  IETF  RFC  2630  (Reference  t). 
o  Cryptographic  Message  Syntax  (2004)  -  IETF  RFC  3852  (Reference  u). 

Appendix A: Adoption of Biometric Standards

Published  standards  should  be  adopted  and  used  whenever  possible  to  permit  the  development  of 
open systems and avoid use of vendor-specific, proprietary solutions. Standards provide
structure  and  a  framework  by  which  development,  interoperability,  interchange,  and 
functionality  may  be  achieved. 

Adoption  is  a  process  by  which  an  organization  expresses  formal  acceptance  of  a  standard  for 
use  in  direct  procurement,  as  a  reference  in  another  document,  or  as  guidance  in  its  design, 
manufacturing,  testing,  or  support  activities.  Adoption  of  biometric  standards  is  a  crucial 
component  of  a  successful  implementation  of  biometric  technologies.  Common  biometric 
standards  should  be  used  throughout  DoD  to  facilitate  interoperability  and  data  sharing  within 
DoD,  the  federal  government,  and  foreign  partners.  As  new  standards  are  published,  these 
standards  must  be  evaluated  and  possibly  adopted  by  DoD. 

A.1 DoD DISR Overview

In  2004,  the  DISR  officially  replaced  the  Joint  Technical  Architecture  in  compliance  with  the 
2004  Memorandum  for  DoD  Executive  Agent  for  Information  Technology  Standards  and  in 
accordance  with  DoD  Directives  4350.5  and  5101.7.  The  DISR  serves  as  a  central  repository  for 
DoD-approved  information  technology  standards,  including  biometric  standards.  Use  of  the 
DISR  is  mandated  for  the  development  and  acquisition  of  new  or  modified  fielded  IT  and 
National  Security  Systems  throughout  the  DoD. 

To  support  the  adoption  of  biometric  standards,  the  BSWG  selects  published  standards  based  on 
priorities  identified  by  the  DoD  Biometrics  Community  of  Interest  and  submits  formal  Change 
Requests  to  the  DISR. 

A.2  Criteria  for  Submission  of  Standards  to  the  DISR 

Standards  must  successfully  satisfy  the  following  criteria  for  submission  and  acceptance  into  the 
DISR: net-centricity, interoperability, technical maturity, implementability, public availability,
consistent  with  authoritative  sources,  and  applicability  to  DoD.  The  standards  selection  criteria 
focus  on  mandating  only  those  items  critical  to  net-centricity  and  interoperability  (Reference  s). 

• Net-centric Interoperability - How does this technology provide users the ability to access
applications  and  services  through  Web  services  (an  information  environment  composed 
of  interoperable  computing  and  communication  components)? 

•  Technical  Maturity  -  How  technically  mature  and  stable  is  the  standard?  Does  it  have 
strong  support  in  the  commercial  marketplace?  What  commercial  products  exist  for  this 
standard?  How  long  has  this  standard  been  used?  Is  a  follow-on  standard  in 
development?  When  is  its  estimated  completion  date?  Should  the  sunset  status  be  added 
to  the  current  mandated  status? 

•  Public  Availability  -  To  what  URL  can  a  system  developer  go  to  get  a  copy  of  the 
standard?  Is  a  copy  of  the  standard  free,  or  must  it  be  purchased? 

• Implementability - Who specifically in DoD or the Intelligence Community is using this
standard?  What  specific  commercial  organizations  have  developed  implementations  of 
this  standard? 

•  Authoritative  -  What  standards  body  developed  and  now  maintains  this  standard?  Is  it  an 
international,  national,  or  military  standard?  What  is  the  process  for  maintaining  and 
developing  this  standard?  Is  the  process  open  or  closed? 

•  Applicability  -  Is  the  standard  applicable  to  the  entire  DoD?  The  standard  must  have 
Department-wide applicability since, under the Clinger-Cohen Amendment, the DoD
Chief  Information  Officer  has  authority  to  “ensure  that  information  technology  and 
national  security  systems  standards  that  will  apply  throughout  the  Department  of  Defense 
are  prescribed.”  This  would  preclude  mandates  for  Component-unique  standards  or 
duplicate  standards  for  the  same  capability  that  are  not  interoperable. 

Each  standard  accepted  to  the  DISR  is  assigned  a  status,  which  is  one  of  the  following: 

•  Emerging  standards  -  candidate  standards  to  help  the  program  manager  determine 
those  areas  likely  to  change  within  three  years  and  to  suggest  those  areas  in  which 
“upgradeability”  should  be  a  concern.  They  may  be  implemented,  but  shall  not  be 
used  in  lieu  of  a  mandated  standard  without  a  waiver.  An  emerging  standard  is 
expected  to  be  elevated  to  mandatory  status  within  three  years.  Those  that  continue 
in  an  emerging  status  for  longer  than  three  years  will  require  justification. 

•  Mandated  standards  -  essential  for  providing  interoperability  and  net-centric  services 
across  the  DoD  enterprise.  They  are  the  minimum  set  of  essential  standards  for 
implementation  in  the  acquisition  of  all  DoD  systems  that  produce,  use,  or  exchange 
information  and,  when  implemented,  facilitate  the  flow  of  information  in  support  of 
the  warfighter.  These  standards  are  mandated  for  the  management,  development,  and 
acquisition  of  new  or  improving  systems  throughout  the  DoD. 

Appendix B: Data Collection for Non-Standardized Modalities

Currently,  there  are  no  published  national  or  international  standards  for  voice  or  DNA  biometric 
data.  The  following  sub-sections  provide  recommendations  based  on  the  practices  existing 
within  the  DoD. 

B.1 Voice Recording Samples

B.1.1  Equipment 

•  A  dedicated  microphone(s)  shall  be  used.  Microphones  built  in  to  a  laptop,  personal 
digital  assistant,  or  similar  device  shall  not  be  used. 

•  Voice  sample  capture  equipment  should  implement  a  software  interface  that  complies  with 
BioAPI  1.1  (Reference  c). 

B.1.2  Sample  Capture 

•  Microphone(s)  shall  be  positioned  6  to  12  inches  from  the  person. 

•  The  person  shall  read  a  prepared  script  no  less  than  30  seconds  in  length  in  his  native 
language  and  speaking  style. 

•  If  possible,  multiple  voice  samples  should  be  collected  from  each  person  on  different  days 
and  at  differing  times  of  the  day  (e.g.,  morning,  mid-day,  and  evening). 

•  Voice  samples  shall  be  collected  in  an  indoor  location  relatively  free  of  background  noise. 
The  room  used  for  voice  data  collection  shall  use  materials  such  as  carpeting,  cubicle 
walls,  blankets,  or  similar  materials  to  suppress  reflective  noise  and  echo  effects. 

B.1.3  Formatting 

•  Captured  voice  files  shall  be  formatted  in  a  .wav  file  format  defined  in  ISO/IEC  13818  - 
Generic  coding  of  moving  pictures  and  associated  audio  information  (Reference  m). 

•  Formatted  voice  files  shall  be  embedded  in  a  CBEFF  Patron  Format  (Reference  j). 

•  Voice  files  embedded  in  a  CBEFF  Patron  Format  should  make  use  of  one  of  the  CBEFF 
Patron  Formats  that  are  being  commonly  used  or  are  required  by  the  specific  application. 
Special  consideration  should  be  given  to  the  Patron  Format  specified  in  section  6  of  NIST 
Special Publication 800-76 (Reference l) or to the BioAPI 1.1 storage format (Format C -
The  BioAPI  BIR)  specified  in  Annex  C  of  CBEFF  (Reference  j). 

B.2  DNA  Samples 

This  section  describes  the  requirements  for  the  collection  of  biological  material  suitable  for 
transfer,  temporary  storage,  and  DNA  analysis  for  use  in  federal  counter-terrorism  investigations 
and  operations,  to  include  military  support  for  the  Global  War  on  Terrorism.  These  samples  may 
be  tested  by  short  tandem  repeat  marker  systems  that  include  the  13  Combined  DNA  Index 
System  loci.  These  samples  may  also  undergo  mitochondrial  DNA  analysis,  Y-chromosomal 
analysis,  or  other  forensic  testing  as  deemed  appropriate  by  the  Joint  Federal  Agencies 
Antiterrorism  DNA  Database  working  group,  which  consists  of  members  drawn  from  the  DoD 
and federal law enforcement and intelligence communities. The FBI DNA Advisory Board,
“Quality assurance standards for Forensic DNA Testing Laboratories and for Convicted
Offender DNA Databasing Laboratories” (Reference g) provides additional information on
requirements and quality assurance metrics for DNA testing.

U.S.  military  units  shall  collect  two  buccal  (intra-oral  cheek)  swabs  from  each  person. 

Collection  Personnel  shall  collect  one  swab  from  the  inside  of  each  cheek  (right  and  left).  The 
person  must  not  have  consumed  food  or  drink;  chewed  gum;  or  chewed,  dipped,  or  smoked 
tobacco  or  any  other  products  for  at  least  15  minutes  prior  to  the  DNA  sample  being  collected. 

B.2.1  Collection  and  Labeling 

•  DoD  personnel  shall  label  each  container  of  two  swabs  with  the  person’s  name,  the  date 
and  location  of  acquisition,  and  the  name  and  unit  of  the  individual  responsible  for  the 
collection.  The  containers  must  be  labeled  using  a  permanent  marker  or  pen. 

•  DoD  personnel  shall  collect  DNA  samples  using  a  sterile  cotton-tipped  applicator  for  the 
buccal  swabs.  Briskly  rub  the  inside  of  the  person’s  inner  cheek  up  and  down  10  times 
with the buccal swab, concentrating on scraping cells from the oral mucosa (inner cheek),
not just collecting saliva.

•  The  two  swabs  should  be  air  dried  for  at  least  thirty  minutes  when  possible  prior  to 
repackaging  and  transport.  DoD  personnel  shall  place  the  dried  oral  swabs  in  a  properly 
labeled  paper  envelope  or  paper  box  (never  plastic)  and  seal  with  evidence  tape.  Gloves 
should  be  worn  when  packaging  the  swabs. 

B.2.2  Transfer  to  Laboratory 

•  U.S.  military  units  shall  maintain  a  chain  of  custody  for  each  pair  of  swabs  using 
appropriate  documentation  and  procedures  or  similar  document. 

•  It  is  important  that  all  individuals  handling  the  DNA  samples  use  gloves  and  avoid  direct 
skin,  hair,  or  breath  contact  that  might  contaminate  the  samples. 

•  Combatant  Commands  shall  establish  written  procedures  to  transfer  persons’  swabs  to  the 
FBI.  DoD  and  the  federal  law  enforcement  and  intelligence  communities  cooperatively 
process  the  swabs. 

•  The  DoD  shall  maintain  DNA  profiles  in  a  joint  database  that  shall  be  traceable  to  the 
person’s  other  biometric  information. 